DevSecOps Articles

Magento 2 Polyshell Vulnerability: Detection and Mitigation Guide

How to guide on checking if your Magento 2 store is safe from the Polyshell vulnerability. And guidance on how to patch and secure your site if it is not.

Strengthening Magento 2 Security in CI/CD Pipelines with Sansec Ecomscan

Learn how to integrate Sansec Ecomscan into Magento 2 CI/CD pipelines to detect malware, enforce security patches, and secure build artifacts. Step-by-step guides for GitHub Actions and Bitbucket Pipelines included.

Check if your Magento site is safe from Session Reaper (CVE-2025-54236)

How to guide on checking if your Magento 2 store is safe from the Session Reaper (CVE-2025-54236) exploit. And guidance on how to patch and secure your site if it is not.

Magento Trojan Orders (CVE-2022-24086) - addAfterFilterCallback

Magento 2 Trojan Orders (CVE-2022-24086) are back, lets talk about how to patch so we are safe. And other identifiers aside from addAfterFilterCallback

Simple 2 line fix for Polyfill.io Malware in Magento 2

A quick and easy two line fix configuration fix for the Polyfill.io Magento 2 Malware

Check if your Magento site is safe from CosmicSting (CVE-2024-34102)

How to guide on checking if your Magento 2 store is safe from the CosmicSting (CVE-2024-34102) exploit. And guidance on how to patch and secure your site if it is not.

Anonymizing Magento 2 Databases with Warden

A simple guide for anonymizing Magento 2 databases in Warden to either pass off to other developers or move forward into staging/ephemeral environments

Analyzing a real Magento 2 Stripe CC Scraper Malware Sample

Analyzing Magento 2 Malware used to Scrape Stripe credit card credentials. Injected via the shipping policy in the core_config_data DB table.

Magento 2 Malware Scanning with Sansec Ecomscan - CLI, Automation & Bulk Scans

How to setup and configure Malware scanning with Sansec Ecomscan for a single Magento 2 site or in bulk with Ansible

Magento 2 Malware Analysis